<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class ACL {
	
	private $CI;
	private $mode = 'sacl';
	private $group;
	private $module;
	private $controller;
	private $method;
	private $redirect = 'user/auth';
	private $tbl_group = 'group';
	private $accessList;
	
	public function ACL() {
		$this->CI = get_instance();
		$this->CI->config->load('acl');
		$this->accessList = $this->setAccessList();
		if ($this->mode === 'sacl') $this->group = $this->getNumGroup();
		else $this->group = $this->getUserGroup();
		$this->module = $this->getModule();
		$this->controller = $this->getController();
		$this->method = $this->getMethod();
		if (!$this->checkRights()) {
			$this->CI->session->set_flashdata('rights_error', 'У вас нет доступа');
			if ($this->group == 99) redirect($this->redirect);
			redirect();
		}
	}
	
	private function checkRights() {
		return ($this->mode === 'sacl') ? $this->sacl_check() : $this->hacl_check();
	}
	
	private function sacl_check() {
		if (isset($this->accessList[$this->module])) {
			$mod = $this->accessList[$this->module];
			if (isset($mod[$this->controller])) {
				$contr = $mod[$this->controller];
				if (isset($contr[$this->method]))
					if (in_array($this->group, $contr[$this->method]) || in_array('*', $contr[$this->method])) return true;
				elseif (isset($contr['*']))
					if (in_array($this->group, $contr['*']) || in_array('*', $contr['*'])) return true;
			}
		}
		return false;
	}
	
	private function hacl_check() {
		if (isset($this->accessList[$this->module])) {
			$mod = $this->accessList[$this->module];
			if (isset($mod[$this->controller])) {
				$contr = $mod[$this->controller];
				if (isset($contr[$this->method]))
					if ($this->group <= $contr[$this->method]) return true;
				elseif (isset($contr['*']))
					if ($this->group <= $contr['*']) return true;
			}
		}
		return false;
	}
	
	private function setAccessList() {
		if ($this->mode === 'sacl') return $this->setSACL();
		return $this->setHACL();
	}
	
	private function setSACL() {
		return $this->CI->config->item('sacl');
	}
	
	private function setHACL() {
		return $this->CI->config->item('hacl');
	}
	
	private function getUserGroup() {
		$gr = $this->CI->session->userdata('group');
		$res = $this->CI->db->get_where($this->tbl_group, array('id' => $gr))->row();
		return ($res == TRUE) ? $res->name : 'user';
	}
	
	private function getNumGroup() {
		$gr = $this->CI->session->userdata('group');
		$res = $this->CI->db->get_where($this->tbl_group, array('id' => $gr))->row();
		return ($res == TRUE) ? $res->numeric_value : 99;
	}
	
	private function getModule() {
		$module = $this->CI->uri->segment(1);
		if ($module) {
			if ($module === 'admin') return $this->CI->router->routes['default_controller'];
			return $module;
		}
		return $this->CI->router->routes['default_controller'];
	}
	
	private function getController() {
		return $this->CI->router->class;
	}
	
	private function getMethod() {
		return $this->CI->router->method;
	}
	
}